CVEdetails.com the ultimate security vulnerability data source

Jetbrains » Teamcity » * * * * : Security Vulnerabilities

CPE Name: cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2021-31915 | 78 | | Exec Code | 2021-05-11 | 2021-05-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. |
| 2 | CVE-2021-31913 | 354 | | | 2021-05-11 | 2021-05-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. |
| 3 | CVE-2021-31912 | 640 | | | 2021-05-11 | 2021-05-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset. |
| 4 | CVE-2021-31911 | 79 | | XSS | 2021-05-11 | 2021-05-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. |
| 5 | CVE-2021-31910 | 918 | | | 2021-05-11 | 2021-05-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible. |
| 6 | CVE-2021-31909 | 88 | | Exec Code | 2021-05-11 | 2021-05-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. |
| 7 | CVE-2021-31908 | 79 | | XSS | 2021-05-11 | 2021-05-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages. |
| 8 | CVE-2021-31907 | 732 | | | 2021-05-11 | 2021-05-14 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. |
| 9 | CVE-2021-31906 | | | | 2021-05-11 | 2021-05-14 | 4.0 | None | Remote | Low | ??? | None | Partial | None | In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file. |
| 10 | CVE-2021-31904 | 79 | | XSS | 2021-05-11 | 2021-05-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page. |
| 11 | CVE-2021-25778 | 732 | | | 2021-02-03 | 2021-02-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly. |
| 12 | CVE-2021-25777 | 863 | | | 2021-02-03 | 2021-02-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. |
| 13 | CVE-2021-25776 | 922 | | | 2021-02-03 | 2021-02-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. |
| 14 | CVE-2021-25775 | 732 | | | 2021-02-03 | 2021-02-04 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users. |
| 15 | CVE-2021-25774 | 863 | | | 2021-02-03 | 2021-02-05 | 4.0 | None | Remote | Low | ??? | Partial | None | None | In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. |
| 16 | CVE-2021-25773 | 79 | | XSS | 2021-02-03 | 2021-02-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages. |
| 17 | CVE-2021-25772 | | | | 2021-02-03 | 2021-02-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration. |
| 18 | CVE-2021-3315 | 79 | | XSS | 2021-05-11 | 2021-05-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible. |
| 19 | CVE-2020-35667 | 918 | | | 2021-02-03 | 2021-02-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials. |
| 20 | CVE-2020-27629 | | | | 2020-11-16 | 2020-12-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts. |
| 21 | CVE-2020-27628 | | | | 2020-11-16 | 2020-11-23 | 4.0 | None | Remote | Low | ??? | Partial | None | None | In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. |
| 22 | CVE-2020-27627 | 74 | | | 2020-11-16 | 2020-12-01 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. |
| 23 | CVE-2020-15831 | 79 | | XSS | 2020-08-08 | 2020-08-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. |
| 24 | CVE-2020-15830 | 79 | | XSS | 2020-08-08 | 2020-08-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. |
| 25 | CVE-2020-15829 | 200 | | +Info | 2020-08-08 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. |
| 26 | CVE-2020-15828 | 200 | | +Info | 2020-08-08 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. |
| 27 | CVE-2020-15826 | 863 | | | 2020-08-08 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | None | Partial | None | In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. |
| 28 | CVE-2020-15825 | 269 | | | 2020-08-08 | 2021-07-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges. |
| 29 | CVE-2020-11938 | 200 | | +Info | 2020-04-22 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2. |
| 30 | CVE-2020-11689 | 276 | | | 2020-04-22 | 2020-04-27 | 4.0 | None | Remote | Low | ??? | None | Partial | None | In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file. |
| 31 | CVE-2020-11688 | 613 | | | 2020-04-22 | 2020-04-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. |
| 32 | CVE-2020-11687 | 200 | | +Info | 2020-04-22 | 2020-04-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages. |
| 33 | CVE-2020-11686 | 200 | | +Info | 2020-04-22 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings. |
| 34 | CVE-2020-7911 | 79 | | XSS | 2020-01-30 | 2020-01-31 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS. |
| 35 | CVE-2020-7910 | 79 | | XSS | 2020-01-30 | 2020-01-31 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role. |
| 36 | CVE-2020-7909 | 522 | | | 2020-01-30 | 2020-02-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. |
| 37 | CVE-2020-7908 | 522 | | | 2020-01-30 | 2021-07-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages. |
| 38 | CVE-2019-18367 | 276 | | | 2019-10-31 | 2019-11-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. |
| 39 | CVE-2019-18366 | 276 | | | 2019-10-31 | 2019-11-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. |
| 40 | CVE-2019-18365 | | | | 2019-10-31 | 2019-11-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. |
| 41 | CVE-2019-18364 | 502 | | Exec Code | 2019-10-31 | 2019-11-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. |
| 42 | CVE-2019-18363 | 200 | | +Info | 2019-10-31 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. |
| 43 | CVE-2019-12846 | | | | 2019-07-03 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2. |
| 44 | CVE-2019-12845 | 287 | | | 2019-07-03 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3. |
| 45 | CVE-2019-12844 | 94 | | | 2019-07-03 | 2020-08-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3. |
| 46 | CVE-2019-12843 | 94 | | | 2019-07-03 | 2020-08-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3. |
| 47 | CVE-2019-12842 | 79 | | XSS | 2019-07-03 | 2019-07-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2. |
| 48 | CVE-2019-12841 | 20 | | | 2019-07-03 | 2019-07-09 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2. |
| 49 | CVE-2019-12157 | 20 | | | 2019-10-02 | 2021-01-26 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. |
| 50 | CVE-2019-12156 | 209 | | | 2019-10-02 | 2019-10-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293. |
Total number of vulnerabilities: 52   Page: 1 (This Page), 2